On any given day \u2013 with a quick spot-check \u2013 you\u2019ll probably find that up to half of your company\u2019s IT usage is basically hidden in the shadows of various business units. Marketing, finance, sales, human resources, and engineering are using file sharing services with customers, online collaboration tools with contractors and suppliers, and multiple SaaS solutions in addition to on-demand IaaS compute resources. Business areas oftentimes make swift decisions to keep their business operations running. As departments look for the best way to do their jobs and efficiently meet their business objectives, they opt for immediate solutions that often operate outside of corporate IT security policies and guidelines.When it comes to business units \u2013 if you haven\u2019t created an environment of trust \u2013 IT can quickly rank the least-loved group in a company. Worse yet, you could be seen as the department of prevention. While the business units are looking for new apps or elastic compute to increase productivity, IT is looking for efficiency, security, and compliance. Departments will side step IT if they believe the needed services won\u2019t be available in time, or if the value proposition is weak.In today\u2019s cyberattack-riddled environments, \u201cshadow IT\u201d is undeniably risky. To ensure optimum safety, you\u2019ve got to bring IT into the light. Multiple file sharing services have been breached, and credential theft can potentially allow an adversary into any of these services. You\u2019ve got to have IT security experts involved in the selection of these cloud services or construction of private clouds. Period.Soon after joining McAfee, I took on the added responsibility as CIO in addition to my role as VP of operations. No easy task \u2013 but I saw what the business functions needed to move forward, and I knew that IT had to be at the center of it, as a \u201creliable and trustworthy business partner.\u201d My first objective was the transformation of IT into a more collaborative and positive role. There was a lot of shadow IT at the company then and a pervasive attitude of mistrust.Transformation is an issue of trust. If other groups within the company felt they could not work with IT, we needed to counter that perception. We started with the business functions, which tend to have simpler IT needs, such as marketing and sales, and moved up to the big challenge of winning over engineering.Start with forgiveness\u201cIt\u2019s easier to ask for forgiveness than permission\u201d is something you often hear when groups are discussing a shadow IT project. I suggest approaching with an attitude of forgiveness and understanding \u2013 to rebuild what are often strained relationships. Recent hacks and breaches will make this easier. You may have to remind your colleagues that their data is better off under the IT security tent if something bad happens, and that you will be their partner in this. Having to face the board of directors because the new marketing strategy, product designs, or customer data was stolen is a scenario that should convince most managers to at least participate in talks.Build trust with transparencyYou still need to address the agility and cost issues that are the root cause of shadow IT, or the problem will persist. We put together an effective governance model that enabled a high level of transparency on what was and wasn\u2019t working. IT doesn\u2019t always think the same way as the other groups, and clear communication and governance were important steps to understanding the business unit\u2019s needs and building trust. Developing the cost models together, our business units realized that they got a much better financial deal when working with IT. Moreover, they were operating within the boundaries of corporate security policies.Set up a cloud architecture teamTackling shadow IT from the engineering department brought new issues to light. With their own technical resources, \u201cdo it yourself\u201d is often the default path for engineering. This not only results in a gap between IT and engineering, but different development stacks and services between the various product teams, which makes it costly and difficult to scale. We set up an engineering\/IT cloud architecture team to build a consistent set of use cases and identify big bets that we could put our joint resources on, so we could move forward quickly. It took time to get this started, but we were playing the long game here, working to bridge these two groups, not trying for a quick takeover.In the end, the teaming approach among IT, the business functions, and engineering enabled us to develop a total view of business needs and a joint architectural approach. We had full visibility of the on-prem and SaaS managed infrastructure and capabilities that allowed us to get the results we needed like rapid achievement of new capabilities and an improved cost model.